SHARE
TWEET

2016-12-16 Locky "Message from RNP00xxxxxxxxxx"

Racco42 Dec 16th, 2016 196 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 2016-12-16: #locky email phishing campaign "Message from RNP00xxxxxxxx"
  2.  
  3. Email sample:
  4. ---------------------------------------------------------------------------------------------------------------------
  5. From: <donotreply@[REDACTED]>
  6. Subject: Message from "RNP002CE0A34F45"
  7. To: [REDACTED]
  8. Date: Fri, 16 Dec 2016 18:45:34 +0700
  9.  
  10. This E-mail was sent from "RNP002CE0A34F45" (Aficio MP 2352).
  11.  
  12. Scan Date: Fri, 16 Dec 2016 18:45:34 +0700)
  13. Queries to: [REDACTED]
  14.  
  15. Attachment: 20161216184534653_0004.docm
  16. ---------------------------------------------------------------------------------------------------------------------
  17. - sender address is donotreply@<recepient's domain>
  18. - subject is "Message fom "RNP00<10 hexa chars>"
  19. - attached file "20161216<7-8 digits>_<3-4 digits>.docm" is a Microsoft Word document with malicious macro that will download malware
  20.  
  21. URLs, malware etc ... are same as in "Attached document" campaign http://pastebin.com/a24a6vcm
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top